The mechanics of trust: a framework for research and design

With an increasing number of technologies supporting transactions over distance and replacing traditional forms of interaction, designing for trust in mediated interactions has become a key concern for researchers in human computer interaction (HCI). While much of this research focuses on increasing users’ trust, we present a framework that shifts the perspective towards factors that support trustworthy behavior. In a second step, we analyze how the presence of these factors can be signalled. We argue that it is essential to take a systemic perspective for enabling well-placed trust and trustworthy behavior in the long term. For our analysis we draw on relevant research from sociology, economics, and psychology, as well as HCI. We identify contextual properties (motivation based on temporal, social, and institutional embeddedness) and the actor's intrinsic properties (ability, and motivation based on internalized norms and benevolence) that form the basis of trustworthy behavior. Our analysis provides a frame of reference for the design of studies on trust in technology-mediated interactions, as well as a guide for identifying trust requirements in design processes. We demonstrate the application of the framework in three scenarios: call centre interactions, B2C e-commerce, and voice-enabled on-line gaming

Traceability of Requirements and Software Architecture for Change Management

At the present day, software systems get more and more complex. The requirements of software systems change continuously and new requirements emerge frequently. New and/or modified requirements are integrated with the existing ones, and adaptations to the architecture and source code of the system are made. The process of integration of the new/modified requirements and adaptations to the software system is called change management. The size and complexity of software systems make change management costly and time consuming. To reduce the cost of changes, it is important to apply change management as early as possible in the software development cycle. Requirements traceability is considered crucial in change management for establishing and maintaining consistency between software development artifacts. It is the ability to link requirements back to stakeholders’ rationales and forward to corresponding design artifacts, code, and test cases. When changes for the requirements of the software system are proposed, the impact of these changes on other requirements, design elements and source code should be traced in order to determine parts of the software system to be changed. Determining the impact of changes on the parts of development artifacts is called change impact analysis. Change impact analysis is applicable to many development artifacts like requirements documents, detailed design, source code and test cases. Our focus is change impact analysis in requirements and software architecture. The need for change impact analysis is observed in both requirements and software architecture. When a change is introduced to a requirement, the requirements engineer needs to find out if any other requirement related to the changed requirement is impacted. After determining the impacted requirements, the software architect needs to identify the impacted architectural elements by tracing the changed requirements to software architecture. It is hard, expensive and error prone to manually trace impacted requirements and architectural elements from the changed requirements. There are tools and approaches that automate change impact analysis like IBM Rational RequisitePro and DOORS. In most of these tools, traces are just simple relations and their semantics is not considered. Due to the lack of semantics of traces in these tools, all requirements and architectural elements directly or indirectly traced from the changed requirement are candidate impacted. The requirements engineer has to inspect all these candidate impacted requirements and architectural elements to identify changes if there are any. In this thesis we address the following problems which arise in performing change impact analysis for requirements and software architecture. Explosion of impacts in requirements after a change in requirements. In practice, requirements documents are often textual artifacts with implicit structure. Most of the relations among requirements are not given explicitly. There is a lack of precise definition of relations among requirements in most tools and approaches. Due to the lack of semantics of requirements relations, change impact analysis may produce high number of false positive and false negative impacted requirements. A requirements engineer may have to analyze all requirements in the requirements document for a single change. This may result in neglecting the actual impact of a change. Manual, expensive and error prone trace establishment. Considerable research has been devoted to relating requirements and design artifacts with source code. Less attention has been paid to relating Requirements (R) with Architecture (A) by using well-defined semantics of traces. Designing architecture based on requirements is a problem solving process that relies on human experience and creativity, and is mainly manual. The software architect may need to manually assign traces between R&A. Manual trace assignment is time-consuming, expensive and error prone. The assigned traces might be incomplete and invalid. Explosion of impacts in software architecture after a change in requirements. Due to the lack of semantics of traces between R&A, change impact analysis may produce high number of false positive and false negative impacted architectural elements. A software architect may have to analyze all architectural elements in the architecture for a single requirements change. In this thesis we propose an approach that reduces the explosion of impacts in R&A. The approach employs semantic information of traces and is supported by tools. We consider that every relation between software development artifacts or between elements in these artifacts can play the role of a trace for a certain traceability purpose like change impact analysis. We choose Model Driven Engineering (MDE) as a solution platform for our approach. MDE provides a uniform treatment of software artifacts (e.g. requirements documents, software design and test documents) as models. It also enables using different formalisms to reason about development artifacts described as models. To give an explicit structure to requirements documents and treat requirements, architecture and traces in a uniform way, we use metamodels and models with formally defined semantics. The thesis provides the following contributions: A modeling language for definition of requirements models with formal semantics. The language is defined according to the MDE principles by defining a metamodel. It is based on a survey about the most commonly found requirements types and relation types. With this language, the requirements engineer can explicitly specify the requirements and the relations among them. The semantics of these entities is given in First Order Logic (FOL) and allows two activities. First, new relations among requirements can be inferred from the initial set of relations. Second, requirements models can be automatically checked for consistency of the relations. Tool for Requirements Inferencing and Consistency Checking (TRIC) is developed to support both activities. The defined semantics is used in a technique for change impact analysis in requirements models. A change impact analysis technique for requirements using semantics of requirements relations and requirements change types. The technique aims at solving the problem of explosion of impacts in requirements when semantics of requirements relations is missing. The technique uses formal semantics of requirements relations and requirements change types. A classification of requirements changes based on the structure of a textual requirement is given and formalized. The semantics of requirements change types is based on FOL. We support three activities for impact analysis. First, the requirements engineer proposes changes according to the change classification before implementing the actual changes. Second, the requirements engineer indentifies the propagation of the changes to related requirements. The change alternatives in the propagation are determined based on the semantics of change types and requirements relations. Third, possible contradicting changes are identified. We extend TRIC with a support for these activities. The tool automatically determines the change propagation paths, checks the consistency of the changes, and suggests alternatives for implementing the change. A technique that provides trace establishment between R&A by using architecture verification and semantics of traces. It is hard, expensive and error prone to manually establish traces between R&A. We present an approach that provides trace establishment by using architecture verification together with semantics of requirements relations and traces. We use a trace metamodel with commonly used trace types. The semantics of traces is formalized in FOL. Software architectures are expressed in the Architecture Analysis and Design Language (AADL). AADL is provided with a formal semantics expressed in Maude. The Maude tool set allows simulation and verification of architectures. The first way to establish traces is to use architecture verification techniques. A given requirement is reformulated as a property in terms of the architecture. The architecture is executed and a state space is produced. This execution simulates the behavior of the system on the architectural level. The property derived from the requirement is checked by the Maude model checker. Traces are generated between the requirement and the architectural components used in the verification of the property. The second way to establish traces is to use the requirements relations together with the semantics of traces. Requirements relations are reflected in the connections among the traced architectural elements based on the semantics of traces. Therefore, new traces are inferred from existing traces by using requirements relations. We use semantics of requirements relations and traces to both generate/validate traces and generate/validate requirements relations. There is a tool support for our approach. The tool provides the following: (1) generation/validation of traces by using requirements relations and/or verification of architecture, (2) generation/validation of requirements relations by using traces. A change impact analysis technique for software architecture using architecture verification and semantics of traces between R&A. The software architect needs to identify the impacted architectural elements after requirements change. We present a change impact analysis technique for software architecture using architecture verification and semantics of traces. The technique is semi-automatic and requires participation of the software architect. Our technique has two parts. The first part is to identify the architectural elements that implement the system properties to which proposed requirements changes are introduced. By having the formal semantics of requirements relations and traces, we identify which parts of software architecture are impacted by a proposed change in requirements. We have extended TRIC for determining candidate impacted architectural elements. The second part of our technique is to propose possible changes for software architecture when the software architecture does not satisfy the new and/or changed requirements. The technique is based on architecture verification. The output of verification is a counter example if the requirements are not satisfied. The counter example is used with a classification of architectural changes in order to propose changes in the software architecture. These changes produce a new version of the architecture that possibly satisfies the new or the changed requirements

An OMG model-based approach for aligning information systems requirements and architectures with business

Tese de Doutoramento (Programa Doutoral em Tecnologias e Sistemas de Informação)The challenges involved in developing information systems (which are able to adapt to rapidly changing business and technological conditions) are directly related to the importance of their alignment with the business counterpart. These challenges comprise issues that cross management and information systems domains, relating and aligning them in order to attain superior performance for the organization, while identifying its strategy and tailoring its business processes. As this relation is increasingly intertwined its concepts are conducted to pragmatic methods, incorporating both management and information systems components, for how, when and where this alignment really matters. The related topics of the alignment between business and information systems comprise diverse paths of research, though with little common ground established inside the community, where problems arouse due to the fast moving business and technological environments. According to these circumstances, the process of developing information systems to support the alignment benefits from incorporating the use of structured and model-based approaches. So, as the development of evermore complex information systems presents a challenge for the currently available methods, the use of models to support the alignment with business stands as an increasingly important issue. Following those challenges, we set out to question how to develop solutions aligning information systems with business in a model-based approach. Accordingly, we support our research on the need to understand what are the perspectives involved in aligning information systems with business, and, moreover, to comprehend in what sense model adoption drives information systems development. So, the proposed goals for this thesis are: (1) set the basis for the elicitation of business requirements in order to support a well-grounded development of information systems; (2) provide for the generation of business models based on the business requirements, while assuring their alignment and traceability; and (3) arrange for the derivation of information system architectures from the business requirements, while attaining alignment and traceability for their mutual transformation and adaptation. Several issues surrounding these goals have already been described and approached in diverse ways by other researchers, where existing approaches and associated methods achieved good results. Nevertheless, these approaches are not without their shortfalls, sometimes failing to present a complete solution, others being unable to adapt to new challenges, or even incapable of reacting to recent trends. In order to tackle these issues we propose to build upon those approaches by adapting, evolving and innovating on solutions in each of the three proposed goals, respectively intertwining with perspectives from related standards and reference models. Answering the first goal, in what regards the main contributions of this thesis, we propose to broaden the elicitation of requirements by relating functional and nonfunctional requirements from business processes. So, we present a unified metamodel representation for those requirements, accompanied by a customizable method for their joint elicitation, based-on business-driven use-cases, goals and rules. This approach adopts the Rational Unified Process (RUP) development methodology and the Business Motivation Model (BMM) standard model language representation for business requirements. Moreover, the metamodel representation and method operationalization are accompanied by a prototype support tool that completes this first contribution. For the second goal, a more business-oriented one correlated to the higher-level requirements, we propose to generate business models directly from the inferred functional and nonfunctional requirements. So, we present a three-dimensional approach built on the relation of the referred requirements with the Balanced Scorecard (BSC) reference model, where an additional mapping to the Business Model Canvas (BMC) is also made available. This proposal provides an associated metamodel representation for the relation between the elements involved and a customizable method for their operationalization, all accompanied by a prototype support tool. On the third goal, focused on system architectures and connected to the lower-level requirements, we propose to derive service-oriented participants from the functional requirements, while aligning the nonfunctional requirements with the quality characteristics of the solution to-be. First, we present an evolution of an existing method for the derivation of a logical architecture, in order to adapt it to a service-oriented approach (SOA). Then, following on the existing relation between the nonfunctional and functional side of the low-level requirements, our approach is able to associate these last with its related services on the derived architecture, in another three-dimensional approach. Additionally, a mapping of the nonfunctional requirements with the system quality characteristics (CISQ) is made available. Once more, an associated metamodel, a customizable method and a prototype support tool are also provided. The development of these three approaches is supported through the execution of tasks which originate artifacts and lead to publications associated to their respective research and development efforts, all according to the Design Science Research (DSR) methodology. These are applied in ongoing projects involving experimental scenarios in industrial settings and associated to established research reference patterns, balancing the interests of both researchers and practitioners while focused both on technology and management audiences. The results obtained from their evaluation reflect the quality and depth of our findings, helping to validate the scientific contribution of this work.Os desafios implicados no desenvolvimento de sistemas de informação (que sejam capazes de se adaptar a condições tecnológicas e de negócios em rápida mutação) estão diretamente relacionados à importância do seu alinhamento com a contraparte do negócio. Esses desafios envolvem questões que cruzam os domínios da gestão e dos sistemas de informação, relacionando-os e alinhando-os com o intuito de alcançar um desempenho superior para a organização, ao mesmo tempo que identificam a sua estratégia e adequam os seus processos de negócio. Como esta relação está cada vez mais interligada, os seus conceitos são canalizados para métodos pragmáticos, incorporando ambos os componentes de sistemas de informação e de gestão, para saber como, quando e onde este alinhamento realmente interessa. Os tópicos relacionados com o alinhamento entre negócio e sistemas de informação abrangem diversos caminhos de pesquisa, embora com poucos alicerces em comum estabelecidos dentro da comunidade, onde os problemas surgem devido às rápidas mudanças nos negócios e nos ambientes tecnológicos. De acordo com estas circunstâncias, o processo de desenvolvimento de sistemas de informação para apoiar o alinhamento beneficia de incorporar o uso de abordagens estruturadas e baseadas em modelos. Assim, dado que o desenvolvimento de sistemas de informação cada vez mais complexos apresenta um desafio para os métodos atualmente disponíveis, o uso de modelos para apoiar o alinhamento com o negócio destaca-se como uma questão cada vez mais importante. Em linha com esses desafios, estabelecemos a questão de como desenvolver soluções para alinhar sistemas de informações com o negócio numa abordagem baseada em modelos. Neste sentido, apoiamos a nossa pesquisa na necessidade de compreender quais são as perspetivas envolvidas no alinhamento dos sistemas de informação com o negócio, e, além disso, de compreender em que sentido a adoção de modelos capacita o desenvolvimento desses sistemas. Assim, os objetivos propostos para esta tese são: (1) definir as bases para o levantamento de requisitos de negócio a fim de suportar um desenvolvimento bem fundamentado de sistemas de informação; (2) disponibilizar a geração de modelos de negócio baseados nos requisitos de negócio, garantindo o alinhamento e a rastreabilidade entre ambos; e (3) estruturar a derivação de arquiteturas de sistema de informação a partir dos requisitos de negócio, preservando o alinhamento e rastreabilidade para a sua mútua transformação e adaptação. Várias questões envolvendo estes objetivos foram já descritas e tratadas de diversas maneiras por outros investigadores, tendo as abordagens existentes e os métodos associados alcançado bons resultados. No entanto, essas abordagens têm as suas lacunas, umas vezes falham em apresentar uma solução completa, noutras são ineficientes ao se adaptarem a novos desafios, ou mesmo incapazes de reagir às novas tendências. Para lidar com estas questões, propomo-nos apoiar nessas abordagens, adaptando, evoluindo e inovando em soluções para cada um dos três objetivos propostos, intersetando-as, respetivamente, com perspetivas de modelos de referência e padrões relacionados. Relativamente ao primeiro objetivo, no que concerne aos principais contributos desta tese, propomos alargar o levantamento de requisitos, relacionando os requisitos funcionais e nãofuncionais dos processos de negócios. Assim, apresentamos um meta-modelo para a representação unificada desses requisitos, acompanhado por um método personalizável para o seu levantamento conjunto, baseada em casos-de-uso, metas e regras orientadas a negócio. Esta abordagem adota a metodologia de desenvolvimento do Rational Unified Process (RUP) e a representação padrão do modelo de linguagem do Business Motivation Model (BMM), para os requisitos de negócio. Além disso, a representação meta-modelo e a operacionalização do método são acompanhados por um protótipo de uma ferramenta de suporte que completa esta primeira contribuição. Quanto ao segundo objetivo, mais orientado ao negócio e correlacionado com os requisitos de nível superior, propomos gerar modelos de negócio a partir dos requisitos funcionais e não-funcionais inferidos. Assim, apresentamos uma abordagem tridimensional, construída sobre a relação dos referidos requisitos com o modelo de referência do Balanced Scorecard (BSC), em que um mapeamento adicional para o Business Model Canvas (BMC) é também disponibilizado. Esta proposta inclui um meta-modelo para representação da relação entre os elementos envolvidos e um método personalizável para a sua operacionalização, tudo acompanhado por um protótipo de uma ferramenta de suporte. No terceiro objetivo, focado em arquiteturas de sistema e ligado aos requisitos de nível inferior, propomos derivar participantes orientados-a-serviços desde os requisitos funcionais, alinhando os requisitos não-funcionais com as características de qualidade da solução a obter. Primeiro, apresentamos uma evolução de um método existente para a derivação de uma arquitetura lógica, adaptando-o a uma abordagem-orientada-a-serviços (SOA). Assim, prosseguindo a relação existente entre o lado não-funcional e funcional dos requisitos de baixo nível, a nossa abordagem associa estes últimos com os serviços relacionados na arquitetura derivada, numa outra abordagem tridimensional. Além disso, um mapeamento dos requisitos não-funcionais com as características de qualidade do sistema (CISQ) é disponibilizado. Mais uma vez, um meta-modelo associado, um método personalizável e um protótipo da ferramenta de suporte são disponibilizados. O desenvolvimento destas três abordagens é suportado pela execução de tarefas, as quais dão origem a artefatos e levam a publicações associadas aos seus esforços de pesquisa e desenvolvimento respetivamente, tudo de acordo com a metodologia DSR. Estas são aplicadas a projetos em andamento, os quais envolvem cenários experimentais em ambientes industriais e associados a padrões de investigação de referência, equilibrando os interesses de investigadores e profissionais assim como dos diferentes públicos de tecnologia e gestão. Os resultados obtidos na sua avaliação refletem a qualidade e a profundidade dos nossos resultados, ajudando a validar a contribuição científica deste trabalho

Heard It through the Grapevine: Traceability, Intelligence Cohort, and Collaborative Hazard Intelligence

abstract: Designing a hazard intelligence platform enables public agencies to organize diversity and manage complexity in collaborative partnerships. To maintain the integrity of the platform while preserving the prosocial ethos, understanding the dynamics of “non-regulatory supplements” to central governance is crucial. In conceptualization, social responsiveness is shaped by communicative actions, in which coordination is attained through negotiated agreements by way of the evaluation of validity claims. The dynamic processes involve information processing and knowledge sharing. The access and the use of collaborative intelligence can be examined by notions of traceability and intelligence cohort. Empirical evidence indicates that social traceability is statistical significant and positively associated with the improvement of collaborative performance. Moreover, social traceability positively contributes to the efficacy of technical traceability, but not vice versa. Furthermore, technical traceability significantly contributes to both moderate and high performance improvement; while social traceability is only significant for moderate performance improvement. Therefore, the social effect is limited and contingent. The results further suggest strategic considerations. Social significance: social traceability is the fundamental consideration to high cohort performance. Cocktail therapy: high cohort performance involves an integrative strategy with high social traceability and high technical traceability. Servant leadership: public agencies should exercise limited authority and perform a supporting role in the provision of appropriate technical traceability, while actively promoting social traceability in the system.Dissertation/ThesisDoctoral Dissertation Business Administration 201

Detecting Broken Pointcuts using Structural Commonality and Degree of Interest

Pointcut fragility is a well-documented problem in Aspect-Oriented Programming; changes to the base code can lead to join points incorrectly falling in or out of the scope of pointcuts. Deciding which pointcuts have broken due to base-code changes is daunting, especially in large and complex systems. We present an automated approach that recommends pointcuts that are likely to require modification due to a certain base-code change and ones that do not. Our hypothesis is that join points selected by a pointcut exhibit common structural characteristics. Patterns describing such commonalities recommend pointcuts that have potentially broken to the developer. The approach is implemented as an extension to the popular Mylyn Eclipse IDE plug-in, which maintains focused contexts of entities relevant to the task at hand using a Degree of Interest (DOI) model

A Decade of Code Comment Quality Assessment: A Systematic Literature Review

Code comments are important artifacts in software systems and play a paramount role in many software engineering (SE) tasks related to maintenance and program comprehension. However, while it is widely accepted that high quality matters in code comments just as it matters in source code, assessing comment quality in practice is still an open problem. First and foremost, there is no unique definition of quality when it comes to evaluating code comments. The few existing studies on this topic rather focus on specific attributes of quality that can be easily quantified and measured. Existing techniques and corresponding tools may also focus on comments bound to a specific programming language, and may only deal with comments with specific scopes and clear goals (e.g., Javadoc comments at the method level, or in-body comments describing TODOs to be addressed). In this paper, we present a Systematic Literature Review (SLR) of the last decade of research in SE to answer the following research questions: (i) What types of comments do researchers focus on when assessing comment quality? (ii) What quality attributes (QAs) do they consider? (iii) Which tools and techniques do they use to assess comment quality?, and (iv) How do they evaluate their studies on comment quality assessment in general? Our evaluation, based on the analysis of 2353 papers and the actual review of 47 relevant ones, shows that (i) most studies and techniques focus on comments in Java code, thus may not be generalizable to other languages, and (ii) the analyzed studies focus on four main QAs of a total of 21 QAs identified in the literature, with a clear predominance of checking consistency between comments and the code. We observe that researchers rely on manual assessment and specific heuristics rather than the automated assessment of the comment quality attributes